What's stopping someone from writing a rogue linux daemon that sniffs your keystrokes from elsewhere in the X11 context and extrapolates which one is your password and then casually makes itself root, at which point it can do literally anything, including running curl /payload.sh | sh -s?
What's stopping someone from compromising your distro's repos and inserting their program into one of the packages? Do you ever check to see what you're downloading? How sure are you that a package wasn't tainted with malware? Even if you compile from source, how sure are you that your distro's source repos haven't been compromised by a malicious actor?
Julian Taylor
faggot
Dominic Roberts
>tfw you will never be a cute trap
Chase Johnson
DELET THIS
you're underestimating the amount of program required and permission required to do that. you'd need root/sudo permission to do that stuff. also most people don't install lots of random stuff and run it without noticing what it's doing. there is malware for linux. you've just got to avoid compiling it and then running it. you're most likely going to get fucked from exploits in your browser running trash like java as root.
Camden King
>write a keylogger
nothing's stopping them, except willingness to go to the effort.
>compromising your distro, or upstream
because most projects of significant size have more than one person involved, so someone else at least glances at the code. In other words it'd be hard to do this in a way that wouldn't be detected, even if you're already a committer to a project or a distro maintainer.
Easton Wood
Yubikey, PAM, and OTP for sudo.
Rekt
Easton Sullivan
Nothing, that's what's so great about Linux: YOU CAN DO ANYTHING!
Logan Ramirez
>What's stopping someone from compromising your distro's repos and inserting their program into one of the packages?
can they do that to windows 10
James Roberts
I want to dick her.
Liam Gonzalez
>her
Alexander Clark
That sounds too complicated. Just edit .bashrc and alias sudo.
Isaac Martin
the point is to execute your payload without making your presence known to the user, especially not on linux, where its users are autistic enough to stare at htop and notice something they don't recognize
Chase Reed
You can use onscreen clickable keyboards to enter passwords if you're concerned about keyloggers. As for altering packages, all of Debian's are gpg signed, which is why they don't even bother using tls on their repo servers. They do provide it for the paranoid, though, as well as .onion links. But the newest problems are in-memory exploits, and it looks like that's going to be the wave of the future.
Liam Gonzalez
>onscreen clickable keyboards to enter passwords
Do you know of any onscreen keyboards that shuffle the symbols after each click?
Nathaniel Ross
tfw trap that looks and sounds like a girl irl
Brayden Sullivan
...
Elijah Baker
I check the files of everything I don't install from official repos.
Evan Sullivan
Pretty sure systemd does this already.
Chase Thomas
Astolfo is straight and a male.
Nathaniel Scott
Generally speaking, if an attacker can get arbitrary code execution on your machine, it's game over, regardless of whether or not they have root. Yes, you can run a keylogger without root. You can do the same on Windows. You can do more with root, but even without root, you have a lot of flexibility. Suck up CPU cycles, run a botnet, take potshots at getting root with any number of vulnerabilities... There are of course strategies to counter these (else any server with multiple users could get fork bombed fast), but if you aren't a particular sysadmin, it just makes sense not to run random code you found on the web.
Camden Baker
I got hormones at 16 and I wasnt even a tranny so now I get to be a trap for a very long time :-)
Matthew Howard
YOU’RE GOING TO HELL, REPENT
Lincoln Cooper
stallman's autism
you'd have to be insane to talk to him long enough to get access to his repos
it's the best counterintelligence that exists
Kayden White
Being this(THIS) Paranoid
Get help
Easton Gonzalez
kek
Dylan Lopez
hello miau :DDD
Jack Nelson
post pics pls
Owen Collins
nice trips don't know who that is no
Ryan Phillips
oh thought you were another soyboy hacker trap
Henry Howard
nah i have a wife (female) and a non tech job
Jordan Garcia
pro tips for x11
- no auth in x11 session. use console for local admin
- wrap browser in XPRA. browser runs under diff uid and screen transferred via memory to your x11 session
- bonus points awarded for iptables -P OUTPUT DROP and privoxy